package org.apache.thrift.transport;

import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.thrift.EncodingUtils;
import org.apache.thrift.TByteArrayOutputStream;
import org.apache.thrift.TConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:docker/ArmsAgent/lib/libthrift-0.10.0.jar:org/apache/thrift/transport/TSaslTransport.class
  input_file:docker/agent_pinpoint/tools/pinpoint-tools-2.5.1-p1.jar:org/apache/thrift/transport/TSaslTransport.class
 */
/* loaded from: input_file:docker/agent_pinpoint/lib/libthrift-0.16.0.jar:org/apache/thrift/transport/TSaslTransport.class */
abstract class TSaslTransport extends TEndpointTransport {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) TSaslTransport.class);
    protected static final int DEFAULT_MAX_LENGTH = Integer.MAX_VALUE;
    protected static final int MECHANISM_NAME_BYTES = 1;
    protected static final int STATUS_BYTES = 1;
    protected static final int PAYLOAD_LENGTH_BYTES = 4;
    protected TTransport underlyingTransport;
    private SaslParticipant sasl;
    private boolean shouldWrap;
    private TMemoryInputTransport readBuffer;
    private final TByteArrayOutputStream writeBuffer;
    private final byte[] messageHeader;

    /* loaded from: input_file:docker/ArmsAgent/lib/libthrift-0.10.0.jar:org/apache/thrift/transport/TSaslTransport$NegotiationStatus.class */
    protected enum NegotiationStatus {
        START((byte) 1),
        OK((byte) 2),
        BAD((byte) 3),
        ERROR((byte) 4),
        COMPLETE((byte) 5);

        private final byte value;
        private static final Map<Byte, NegotiationStatus> reverseMap = new HashMap();

        NegotiationStatus(byte b) {
            this.value = b;
        }

        public byte getValue() {
            return this.value;
        }

        public static NegotiationStatus byValue(byte b) {
            return reverseMap.get(Byte.valueOf(b));
        }

        static {
            for (NegotiationStatus negotiationStatus : (NegotiationStatus[]) NegotiationStatus.class.getEnumConstants()) {
                reverseMap.put(Byte.valueOf(negotiationStatus.getValue()), negotiationStatus);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:docker/ArmsAgent/lib/libthrift-0.10.0.jar:org/apache/thrift/transport/TSaslTransport$SaslParticipant.class
      input_file:docker/agent_pinpoint/tools/pinpoint-tools-2.5.1-p1.jar:org/apache/thrift/transport/TSaslTransport$SaslParticipant.class
     */
    /* loaded from: input_file:docker/agent_pinpoint/lib/libthrift-0.16.0.jar:org/apache/thrift/transport/TSaslTransport$SaslParticipant.class */
    public static class SaslParticipant {
        public SaslServer saslServer;
        public SaslClient saslClient;

        public SaslParticipant(SaslServer saslServer) {
            this.saslServer = saslServer;
        }

        public SaslParticipant(SaslClient saslClient) {
            this.saslClient = saslClient;
        }

        public byte[] evaluateChallengeOrResponse(byte[] bArr) throws SaslException {
            return this.saslClient != null ? this.saslClient.evaluateChallenge(bArr) : this.saslServer.evaluateResponse(bArr);
        }

        public boolean isComplete() {
            return this.saslClient != null ? this.saslClient.isComplete() : this.saslServer.isComplete();
        }

        public void dispose() throws SaslException {
            if (this.saslClient != null) {
                this.saslClient.dispose();
            } else {
                this.saslServer.dispose();
            }
        }

        public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
            return this.saslClient != null ? this.saslClient.unwrap(bArr, i, i2) : this.saslServer.unwrap(bArr, i, i2);
        }

        public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
            return this.saslClient != null ? this.saslClient.wrap(bArr, i, i2) : this.saslServer.wrap(bArr, i, i2);
        }

        public Object getNegotiatedProperty(String str) {
            return this.saslClient != null ? this.saslClient.getNegotiatedProperty(str) : this.saslServer.getNegotiatedProperty(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Classes with same name are omitted:
      input_file:docker/ArmsAgent/lib/libthrift-0.10.0.jar:org/apache/thrift/transport/TSaslTransport$SaslResponse.class
      input_file:docker/agent_pinpoint/tools/pinpoint-tools-2.5.1-p1.jar:org/apache/thrift/transport/TSaslTransport$SaslResponse.class
     */
    /* loaded from: input_file:docker/agent_pinpoint/lib/libthrift-0.16.0.jar:org/apache/thrift/transport/TSaslTransport$SaslResponse.class */
    public static class SaslResponse {
        public org.apache.thrift.transport.sasl.NegotiationStatus status;
        public byte[] payload;

        public SaslResponse(org.apache.thrift.transport.sasl.NegotiationStatus negotiationStatus, byte[] bArr) {
            this.status = negotiationStatus;
            this.payload = bArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Classes with same name are omitted:
      input_file:docker/ArmsAgent/lib/libthrift-0.10.0.jar:org/apache/thrift/transport/TSaslTransport$SaslRole.class
      input_file:docker/agent_pinpoint/tools/pinpoint-tools-2.5.1-p1.jar:org/apache/thrift/transport/TSaslTransport$SaslRole.class
     */
    /* loaded from: input_file:docker/agent_pinpoint/lib/libthrift-0.16.0.jar:org/apache/thrift/transport/TSaslTransport$SaslRole.class */
    public enum SaslRole {
        SERVER,
        CLIENT
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TSaslTransport(TTransport tTransport) throws TTransportException {
        super(Objects.isNull(tTransport.getConfiguration()) ? new TConfiguration() : tTransport.getConfiguration());
        this.shouldWrap = false;
        this.writeBuffer = new TByteArrayOutputStream(1024);
        this.messageHeader = new byte[5];
        this.underlyingTransport = tTransport;
        this.readBuffer = new TMemoryInputTransport(tTransport.getConfiguration());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TSaslTransport(SaslClient saslClient, TTransport tTransport) throws TTransportException {
        super(Objects.isNull(tTransport.getConfiguration()) ? new TConfiguration() : tTransport.getConfiguration());
        this.shouldWrap = false;
        this.writeBuffer = new TByteArrayOutputStream(1024);
        this.messageHeader = new byte[5];
        this.sasl = new SaslParticipant(saslClient);
        this.underlyingTransport = tTransport;
        this.readBuffer = new TMemoryInputTransport(tTransport.getConfiguration());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setSaslServer(SaslServer saslServer) {
        this.sasl = new SaslParticipant(saslServer);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sendSaslMessage(org.apache.thrift.transport.sasl.NegotiationStatus negotiationStatus, byte[] bArr) throws TTransportException {
        if (bArr == null) {
            bArr = new byte[0];
        }
        this.messageHeader[0] = negotiationStatus.getValue();
        EncodingUtils.encodeBigEndian(bArr.length, this.messageHeader, 1);
        LOGGER.debug("{}: Writing message with status {} and payload length {}", getRole(), negotiationStatus, Integer.valueOf(bArr.length));
        this.underlyingTransport.write(this.messageHeader);
        this.underlyingTransport.write(bArr);
        this.underlyingTransport.flush();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SaslResponse receiveSaslMessage() throws TTransportException {
        this.underlyingTransport.readAll(this.messageHeader, 0, this.messageHeader.length);
        byte b = this.messageHeader[0];
        org.apache.thrift.transport.sasl.NegotiationStatus byValue = org.apache.thrift.transport.sasl.NegotiationStatus.byValue(b);
        if (byValue == null) {
            throw sendAndThrowMessage(org.apache.thrift.transport.sasl.NegotiationStatus.ERROR, "Invalid status " + ((int) b));
        }
        int decodeBigEndian = EncodingUtils.decodeBigEndian(this.messageHeader, 1);
        if (decodeBigEndian < 0 || decodeBigEndian > getConfiguration().getMaxMessageSize()) {
            throw sendAndThrowMessage(org.apache.thrift.transport.sasl.NegotiationStatus.ERROR, "Invalid payload header length: " + decodeBigEndian);
        }
        byte[] bArr = new byte[decodeBigEndian];
        this.underlyingTransport.readAll(bArr, 0, bArr.length);
        if (byValue == org.apache.thrift.transport.sasl.NegotiationStatus.BAD || byValue == org.apache.thrift.transport.sasl.NegotiationStatus.ERROR) {
            throw new TTransportException("Peer indicated failure: " + new String(bArr, StandardCharsets.UTF_8));
        }
        LOGGER.debug("{}: Received message with status {} and payload length {}", getRole(), byValue, Integer.valueOf(bArr.length));
        return new SaslResponse(byValue, bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TTransportException sendAndThrowMessage(org.apache.thrift.transport.sasl.NegotiationStatus negotiationStatus, String str) throws TTransportException {
        try {
            sendSaslMessage(negotiationStatus, str.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            LOGGER.warn("Could not send failure response", (Throwable) e);
            str = str + "\nAlso, could not send response: " + e.toString();
        }
        throw new TTransportException(str);
    }

    protected abstract void handleSaslStartMessage() throws TTransportException, SaslException;

    protected abstract SaslRole getRole();

    @Override // org.apache.thrift.transport.TTransport
    public void open() throws TTransportException {
        LOGGER.debug("opening transport {}", this);
        if (this.sasl != null && this.sasl.isComplete()) {
            throw new TTransportException("SASL transport already open");
        }
        if (!this.underlyingTransport.isOpen()) {
            this.underlyingTransport.open();
        }
        try {
            handleSaslStartMessage();
            LOGGER.debug("{}: Start message handled", getRole());
            SaslResponse saslResponse = null;
            while (!this.sasl.isComplete()) {
                saslResponse = receiveSaslMessage();
                if (saslResponse.status != org.apache.thrift.transport.sasl.NegotiationStatus.COMPLETE && saslResponse.status != org.apache.thrift.transport.sasl.NegotiationStatus.OK) {
                    throw new TTransportException("Expected COMPLETE or OK, got " + saslResponse.status);
                }
                byte[] evaluateChallengeOrResponse = this.sasl.evaluateChallengeOrResponse(saslResponse.payload);
                if (saslResponse.status == org.apache.thrift.transport.sasl.NegotiationStatus.COMPLETE && getRole() == SaslRole.CLIENT) {
                    LOGGER.debug("{}: All done!", getRole());
                } else {
                    sendSaslMessage(this.sasl.isComplete() ? org.apache.thrift.transport.sasl.NegotiationStatus.COMPLETE : org.apache.thrift.transport.sasl.NegotiationStatus.OK, evaluateChallengeOrResponse);
                }
            }
            LOGGER.debug("{}: Main negotiation loop complete", getRole());
            if (getRole() == SaslRole.CLIENT && (saslResponse == null || saslResponse.status == org.apache.thrift.transport.sasl.NegotiationStatus.OK)) {
                LOGGER.debug("{}: SASL Client receiving last message", getRole());
                SaslResponse receiveSaslMessage = receiveSaslMessage();
                if (receiveSaslMessage.status != org.apache.thrift.transport.sasl.NegotiationStatus.COMPLETE) {
                    throw new TTransportException("Expected SASL COMPLETE, but got " + receiveSaslMessage.status);
                }
            }
            String str = (String) this.sasl.getNegotiatedProperty("javax.security.sasl.qop");
            if (str == null || str.equalsIgnoreCase("auth")) {
                return;
            }
            this.shouldWrap = true;
        } catch (TTransportException e) {
            if (0 == 0 && e.getType() == 4) {
                this.underlyingTransport.close();
                LOGGER.debug("No data or no sasl data in the stream during negotiation");
            }
            throw e;
        } catch (SaslException e2) {
            try {
                LOGGER.error("SASL negotiation failure", e2);
                throw sendAndThrowMessage(org.apache.thrift.transport.sasl.NegotiationStatus.BAD, e2.getMessage());
            } catch (Throwable th) {
                this.underlyingTransport.close();
                throw th;
            }
        }
    }

    public SaslClient getSaslClient() {
        return this.sasl.saslClient;
    }

    public TTransport getUnderlyingTransport() {
        return this.underlyingTransport;
    }

    public SaslServer getSaslServer() {
        return this.sasl.saslServer;
    }

    protected int readLength() throws TTransportException {
        byte[] bArr = new byte[4];
        this.underlyingTransport.readAll(bArr, 0, bArr.length);
        return EncodingUtils.decodeBigEndian(bArr);
    }

    protected void writeLength(int i) throws TTransportException {
        byte[] bArr = new byte[4];
        org.apache.thrift.transport.layered.TFramedTransport.encodeFrameSize(i, bArr);
        this.underlyingTransport.write(bArr);
    }

    @Override // org.apache.thrift.transport.TTransport, java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        this.underlyingTransport.close();
        try {
            this.sasl.dispose();
        } catch (SaslException e) {
            LOGGER.warn("Failed to dispose sasl participant.", e);
        }
    }

    @Override // org.apache.thrift.transport.TTransport
    public boolean isOpen() {
        return this.underlyingTransport.isOpen() && this.sasl != null && this.sasl.isComplete();
    }

    @Override // org.apache.thrift.transport.TTransport
    public int read(byte[] bArr, int i, int i2) throws TTransportException {
        if (!isOpen()) {
            throw new TTransportException("SASL authentication not complete");
        }
        int read = this.readBuffer.read(bArr, i, i2);
        if (read > 0) {
            return read;
        }
        try {
            readFrame();
            return this.readBuffer.read(bArr, i, i2);
        } catch (TTransportException e) {
            if (e.getType() == 4) {
                LOGGER.debug("No data or no sasl data in the stream during negotiation");
            }
            throw e;
        } catch (SaslException e2) {
            throw new TTransportException((Throwable) e2);
        }
    }

    private void readFrame() throws TTransportException, SaslException {
        int readLength = readLength();
        if (readLength < 0) {
            throw new TTransportException("Read a negative frame size (" + readLength + ")!");
        }
        byte[] bArr = new byte[readLength];
        LOGGER.debug("{}: reading data length: {}", getRole(), Integer.valueOf(readLength));
        this.underlyingTransport.readAll(bArr, 0, readLength);
        if (this.shouldWrap) {
            bArr = this.sasl.unwrap(bArr, 0, bArr.length);
            LOGGER.debug("data length after unwrap: {}", Integer.valueOf(bArr.length));
        }
        this.readBuffer.reset(bArr);
    }

    @Override // org.apache.thrift.transport.TTransport
    public void write(byte[] bArr, int i, int i2) throws TTransportException {
        if (!isOpen()) {
            throw new TTransportException("SASL authentication not complete");
        }
        this.writeBuffer.write(bArr, i, i2);
    }

    @Override // org.apache.thrift.transport.TTransport
    public void flush() throws TTransportException {
        byte[] bArr = this.writeBuffer.get();
        int len = this.writeBuffer.len();
        this.writeBuffer.reset();
        if (this.shouldWrap) {
            LOGGER.debug("data length before wrap: {}", Integer.valueOf(len));
            try {
                bArr = this.sasl.wrap(bArr, 0, len);
                len = bArr.length;
            } catch (SaslException e) {
                throw new TTransportException((Throwable) e);
            }
        }
        LOGGER.debug("writing data length: {}", Integer.valueOf(len));
        writeLength(len);
        this.underlyingTransport.write(bArr, 0, len);
        this.underlyingTransport.flush();
    }
}
